Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.
Louis Columbus 1:58 pm, PT, April 15, 2026 Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot…
patched